October 2, 2024 at 06:27AM A critical vulnerability in Zimbra was exploited in the wild to deploy a web shell on vulnerable servers shortly after a proof-of-concept release. This raised significant concerns regarding the security of Zimbra systems. Source: SecurityWeek. Based on the meeting notes, the key takeaway is that a critical-severity vulnerability in Zimbra … Read more
June 7, 2024 at 01:48AM Commando Cat, a threat actor, is behind a cryptojacking campaign leveraging poorly secured Docker instances to deploy cryptocurrency miners. The attacks involve targeting misconfigured Docker remote API servers and using Docker images to deploy cryptojacking scripts, evading detection by security software. Additionally, Chinese-speaking threat actors exploit ThinkPHP applications to deliver … Read more
June 6, 2024 at 01:33PM Two remote code execution (RCE) vulnerabilities in ThinkPHP, CVE-2018-20062 and CVE-2019-9082, patched over five years ago, are being exploited in ongoing attacks. Chinese-speaking threat actors use the web shell “Dama” to compromise servers, bypass PHP functions, and escalate privileges. Organizations are urged to urgently patch, as attackers target unpatched systems. … Read more
May 7, 2024 at 09:57AM The recent cyber attack on MITRE Corporation, disclosed last month, exploited two zero-day vulnerabilities to target its NERVE research network. The attackers utilized various web shells and backdoors to gain access and maintain control, including deploying a Golang backdoor and conducting data exfiltration. The attack, attributed to a China-nexus cyber … Read more
November 25, 2023 at 12:18AM An unnamed government entity in Afghanistan fell victim to a sophisticated cyber attack involving a previously unknown web shell called HrServ. The web shell exhibits advanced features and allows threat actors to control the compromised server and carry out various malicious activities. The attack involves the use of a remote … Read more
November 3, 2023 at 09:42AM The Kinsing threat actors are exploiting a Linux privilege escalation flaw called Looney Tunables in a new experimental campaign aimed at breaching cloud environments. They are also extracting credentials from Cloud Service Providers. This is the first documented instance of active exploitation of Looney Tunables, allowing the threat actors to … Read more